Get patching: GHOST: glibc gethostbyname buffer overflow

morkhans

morkhans

A MyBroadband
Super Moderator
Joined
Jun 22, 2007
Messages
10,897
Reaction score
474
Location
Cape Town
Researchers at cloud security company Qualys have discovered a major security hole, GHOST (CVE-2015-0235), in the Linux GNU C Library (glibc). This vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords.
Click to expand...

http://www.zdnet.com/article/critical-linux-security-hole-found/
http://www.openwall.com/lists/oss-security/2015/01/27/9
http://arstechnica.com/security/201...ng-code-execution-affects-most-linux-systems/

The PoC exploits Exim, but there are a number of applications believed not to be exploitable:
Here is a list of potential targets that we investigated (they all call
gethostbyname, one way or another), but to the best of our knowledge,
the buffer overflow cannot be triggered in any of them:

apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,
nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd,
pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers,
vsftpd, xinetd.

That being said, we believe it would be interesting if other people
could have a look, just in case we missed something.
Click to expand...
 
Last edited:
Pretty easy.

1. Update glibc to latest version
2. Restart services that use the older version, or just reboot the machine if you want the easy way.

Redhat/Centos/Fedora: yum -y update
Debian/Ubuntu/ect: apt-get update && apt-get -y dist-upgrade
 
Ah ok cool thanks. I thought the patches weren't available through the disto's yet :)
 
When I do dist-upgrade it says nothing needs to be upgraded. But on my login screen it says 11 updates and 10 security updates. Ugh

How would I check glibc version?
 
k, running 2.19, so I shouldn't be affected :D
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X